SECURITY RESEARCHERS have found a way to bypass the Apple App Store's security checks prior to code signing in order to spread malware across iOS devices.
Presented in a paper by researchers at the Georgia Institute of Technology, the exploit works by submitting malicious code in what appears to be an innocent app and activating it after the app has cleared Apple's security screening.
"Apple adopts the mandatory app review and code signing mechanisms to ensure that only approved apps can run on iOS devices," the researchers said in the paper entitled Jekyll on iOS: When Benign Apps Become Evil [PDF], presented at the Usenix Conference.
"We present a novel attack method that fundamentally defeats both mechanisms. Our method allows attackers to reliably hide malicious behaviour that would otherwise get their app rejected by the Apple review process."
The paper explained that once the app passes Apple's security review and is installed on an end user's device, it can be instructed to carry out the intended attacks.
"The key idea is to make the apps remotely exploitable and subsequently introduce malicious control ﬂows by rearranging signed code," the paper continued. "Since the new control ﬂows do not exist during the app review process, such apps, namely Jekyll apps, can stay undetected when reviewed and easily obtain Apple's approval."
The researchers claim that they have already run a successful test of the exploit and successfully published a proof of concept Jekyll app at Apple's App Store.
This apparently was done by remotely launching the attacks on a controlled group of devices that installed the app.
"The result shows that, despite running inside the iOS sandbox, Jekyll apps can successfully perform many malicious tasks, such as stealthily posting tweets, taking photos, stealing device identity information, sending email and SMS, attacking other apps, and even exploiting kernel vulnerabilities," read the report.
It's not clear whether Apple is aware of the attack yet, and at the time of writing the cappuccino company hadn't responded to our request for comment regarding the paper.
So far, Apple has managed to keep the iOS mobile operating system free of security exploits due to its closed ecosystem.
Earlier this year, F-Secure's chief security researcher Mikko Hypponen praised Apple's security procedures, saying that its App Store is the biggest innovation of the last 10 years.
He said that although Apple's iOS is a closed system, it works in terms of security because users can't install whatever they want on the mobile operating system, only apps that have been inspected by the vendor. µ
Sign up for INQbot – a weekly roundup of the best from the INQ